Chapter 7
Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
Note: With manually established security associations, there is no negotiation with the peer, and both sides must specify the same transform set.
Configure the IPSec Crypto Method and Parameters
A dynamic crypto map policy processes negotiation requests for new security associations from remote
IPSec peers, even if the router does not know all the crypto map parameters (for example, IP address).
Perform these steps to configure the IPSec crypto method, beginning in global configuration mode:
Step 1
  Command or Action:
    crypto dynamic-map dynamic-map-name dynamic-seq-num
  Example:
    Router(config)# crypto dynamic-map dynmap 1
    Router(config-crypto-map)#
  Purpose:
    Creates a dynamic crypto map entry, and enters crypto map configuration mode.
    See the Cisco IOS Security Command Reference for more detail about this command.

Step 2
  Command or Action:
    set transform-set transform-set-name [transform-set-name2...transform-set-name6]
  Example:
    Router(config-crypto-map)# set transform-set vpn1
    Router(config-crypto-map)#
  Purpose:
    Specifies which transform sets can be used with the crypto map entry.

Step 3
  Command or Action:
    reverse-route
  Example:
    Router(config-crypto-map)# reverse-route
    Router(config-crypto-map)#
  Purpose:
    Creates source proxy information for the crypto map entry.
    See the Cisco IOS Security Command Reference for details.

Step 4
  Command or Action:
    exit
  Example:
    Router(config-crypto-map)# exit
    Router(config)#
  Purpose:
    Enters global configuration mode.

Step 5
  Command or Action:
    crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name]
  Example:
    Router(config)# crypto map static-map 1 ipsec-isakmp dynamic dynmap
    Router(config)#
  Purpose:
    Creates a crypto map profile.

OL-6426-02
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
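The following Python check is an added example, not part of the Cisco guide: it reads a saved configuration and confirms that the objects created in Steps 1 through 5 reference each other consistently. The sample configuration is constructed, the function name is hypothetical, and the `crypto ipsec transform-set` line is assumed to have been configured before Step 1.

```python
import re

# Constructed sample: Steps 1-5 as they would appear in a saved configuration.
# The transform-set definition line is an assumption (configured before Step 1).
SAMPLE_CONFIG = """\
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
 set transform-set vpn1
 reverse-route
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
"""

def audit_dynamic_crypto_map(config):
    """Return a list of findings; an empty list means every reference resolves."""
    transform_sets = set()   # names defined by "crypto ipsec transform-set"
    dyn_maps = {}            # (name, seq) -> {"transforms": [...], "reverse_route": bool}
    references = []          # (crypto map name, seq, dynamic map name)
    current = None           # dynamic-map entry whose sub-commands are being read
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None   # a non-indented line leaves crypto map configuration mode
        text = line.strip()
        if m := re.match(r"crypto ipsec transform-set (\S+)", text):
            transform_sets.add(m.group(1))
        elif m := re.match(r"crypto dynamic-map (\S+) (\d+)$", text):
            current = dyn_maps.setdefault(
                m.groups(), {"transforms": [], "reverse_route": False})
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp dynamic (\S+)", text):
            references.append(m.groups())
        elif current is not None and text.startswith("set transform-set "):
            current["transforms"] += text.split()[2:]
        elif current is not None and text == "reverse-route":
            current["reverse_route"] = True
    findings = []
    defined_names = {name for name, _ in dyn_maps}
    for map_name, seq, dyn_name in references:
        if dyn_name not in defined_names:
            findings.append(f"crypto map {map_name} {seq}: dynamic map '{dyn_name}' is not defined")
    for (name, seq), entry in dyn_maps.items():
        if not entry["transforms"]:
            findings.append(f"dynamic-map {name} {seq}: no transform set specified")
        for ts in entry["transforms"]:
            if ts not in transform_sets:
                findings.append(f"dynamic-map {name} {seq}: transform set '{ts}' is not defined")
        if not entry["reverse_route"]:
            findings.append(f"dynamic-map {name} {seq}: reverse-route is not set")
    return findings
```

An empty result for `SAMPLE_CONFIG` means the crypto map, the dynamic map and the transform set all resolve; each returned string names the entry that needs correcting.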